Regardless of how you manage the BGP route advertisements coming from Microsoft, you won't gain any special exposure to Office 365 services when compared to connecting to Office 365 over an internet circuit alone. If you're concerned with number of prefixes advertised into your environment, the BGP community feature allows you to filter the advertisements to a specific set of Office 365 services.
Due to the global nature of Office 365 and the number of services that make up Office 365, customers often have a need to manage the advertisements they accept on their network. Changes not implemented in time will likely result in a service outage.Ĭonnecting to Office 365 using Azure ExpressRoute is based on BGP advertisements of specific IP subnets that represent networks where Office 365 endpoints are deployed. This solution requires significant on-going changes. High: Customer filters routes based on defined Office 365 IP prefixes.Ĭustomers must implement a robust change management process for the monthly updates. Medium: Customer implements summarized prefix filter lists to allow only Microsoft owned routes.Ĭustomers must ensure the infrequent updates are reflected in route filters. Low: Customer relies upon Microsoft controls to ensure all routes are properly owned. The Office 365 URLs and IP address ranges do not cover other Microsoft services that may be in scope for your ExpressRoute connections. The Office 365 URLs and IP address ranges are designed for managing firewall allow lists and Proxy infrastructure, not routing. The Office 365 IP prefixes undergo lots of changes on a frequent basis. There are a number of reasons to avoid the use of the Office 365 URLs and IP address ranges for generating prefix filter lists.
In the event there is a change, it will be made on the 1st of the month and the version number in the details section of the page will change every time the file is updated.
IP SUMMARY ROUTE CALCULATOR FULL
These ranges cover the full Microsoft address space and change infrequently, providing a reliable set of ranges to filter against that also provides additional protection to customers who are concerned about non-Microsoft owned routes leaking into their environment. If you require additional validation of route ownership across ExpressRoute public peering, you can check the advertised routes against the list of all IPv4 and IPv6 IP prefixes that represent Microsoft's public IP ranges. ExpressRoute natively offers the recommended controls such as IP prefix ownership, integrity, and scale - with no inbound route filtering on the customer side. Microsoft recommends that customers accept all BGP routes as advertised from Microsoft, the routes provided undergo a rigorous review and validation process removing any benefits to added scrutiny. Unauthorized subscriptions trying to create route filters for Office 365 will receive an error message Prefix filtering
IP SUMMARY ROUTE CALCULATOR HOW TO
Please contact your Microsoft Account team to learn about how to request a review for enabling Office 365 ExpressRoute. Customers needing Azure ExpressRoute for Office 365 must obtain review from Microsoft before they can create route filters for Office 365. After enabling Microsoft Peering, any customer can create route filters to receive BGP route advertisements for Dynamics 365 Customer Engagement applications (Formerly known as CRM Online). Starting July 31st, 2017, all Azure ExpressRoute customers can enable Microsoft Peering directly from the Azure Administrative console or via PowerShell. Microsoft changed how the Microsoft Peering routing domain is reviewed for Azure ExpressRoute.
0 kommentar(er)
